Hybrid Key Provisioning

This document describes how Operators collaborate to set up QKM when the Operator Keys and Location Keys were generated before the ceremony. Only the PGP Public Certificates of the Location Keys are brought to the ceremony, where they are used to shard the Root Entropy. This is useful when conducting the ceremony in a lower-trust environment where not all aspects of the ceremony can be controlled to the desired degree.

Steps

  1. Prior to the ceremony, set up a git repository with relevant artifacts in it, and create Ceremony Notes according to this guide.

  2. Ensure there are additional witnesses for the ceremony, other than the operators, to assist in monitoring and verifying the integrity of the process.

  3. Ensure that no participants have brought digital devices other than ones necessary for the ceremony. A faraday bag may be used to hold any such devices for the duration of the ceremony.

  4. Procure a laptop and SD cards (3) from a randomly selected store and ensure at least 2 people are in line of sight of all the hardware until the ceremony is executed. It may be worthwhile to try booting from the SD card at the store. Dell laptops tend to support booting from SD cards while Lenovo laptops don't. More notes on selecting hardware can be found here

  5. Secure a Location

  6. Each member needs to bring their:

  7. Verify the SD card by either:

    • Booting a separate AirgapOS on the machine used for the ceremony to verify that the SD card is not writeable and that the hash matches, using the steps from the One Time Use/AirgapOS Setup guide.

      OR

    • Mounting the SD card on a separate machine and verifying that it is not writeable and that the hash matches, using the steps from the One Time Use/AirgapOS Setup guide.

    • NOTE: It is essential that the SD card remain in line of sight from the moment it is verified to the moment it is used.

  8. Plug in and boot from Airgap SD card:

    • Boot from internal SD card reader or USB device reader

    • Verify that the hash reported by sha256sum ceremony.sh matches each Operator's "Ceremony Notes"

  9. Button mash to ensure adequate entropy on the OS

  10. Set the system time, as it has to be after the PGP public certificates were created and before they expire:

    • date -s "YYYY-MM-DD HH:MM:SS"

  11. Run ceremony.sh

  12. Back up the shardfile and pub.asc to 3 separate SD cards, one for each operator

  13. Destroy the computer according to the Hardware Destruction guide.
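
The checks in steps 8 and 10 can be made mechanical. The following is an added example, not part of ceremony.sh or the project's tooling: it compares the script's SHA-256 against every operator's recorded hash and confirms that the time to be set falls inside every certificate's validity window. The function names, the use of `gpg --show-keys --with-colons` as the source of the key listing, and the sample data are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight checks for steps 8 and 10. Not part of ceremony.sh.

# check_script_hash FILE HASH...
# Prints FILE's SHA-256 and succeeds only if it equals every HASH given
# (one per operator's Ceremony Notes). Any mismatch fails the check.
check_script_hash() {
    file=$1; shift
    [ "$#" -gt 0 ] || { echo "no recorded hashes supplied" >&2; return 2; }
    actual=$(sha256sum "$file" 2>/dev/null | awk '{print $1}')
    [ -n "$actual" ] || { echo "cannot hash $file" >&2; return 2; }
    for recorded in "$@"; do
        recorded=$(printf '%s' "$recorded" | tr 'A-F' 'a-f')
        if [ "$actual" != "$recorded" ]; then
            echo "MISMATCH: computed $actual, notes say $recorded" >&2
            return 1
        fi
    done
    echo "$actual"
}

# time_in_cert_window EPOCH   (key listing on stdin)
# Reads a colon-format key listing, assumed here to come from
# `gpg --show-keys --with-colons` run on the public certificates: field 6 is
# the creation time and field 7 the expiry (empty if none), both in epoch
# seconds. Succeeds only if EPOCH is after every creation and before every expiry.
time_in_cert_window() {
    awk -F: -v now="$1" '
        $1 == "pub" || $1 == "sub" {
            seen = 1
            if (now + 0 <= $6 + 0) { print "before creation of " $5; bad = 1 }
            if ($7 != "" && now + 0 >= $7 + 0) { print "after expiry of " $5; bad = 1 }
        }
        END { if (!seen) print "no key records found"; exit (bad || !seen) }
    ' >&2
}

# Constructed sample listing (made-up key IDs and timestamps), two certificates.
SAMPLE_KEYS='pub:-:255:22:AAAAAAAAAAAAAAAA:1700000000:1760000000::-:::scESC:
pub:-:255:22:BBBBBBBBBBBBBBBB:1710000000:1750000000::-:::scESC:'

# Demo on the sample: 1730000000 lies inside both validity windows.
printf '%s\n' "$SAMPLE_KEYS" | time_in_cert_window 1730000000 && echo "time window ok"
```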